The Dangers of Client Probing on Palo Alto Firewalls
August, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire
While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responder’s SMB listener.
Humans Are the Weakest Link in Security
July, 2018, Mike Weber, Vice President, Coalfire Labs
In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization.
Executing Meterpreter on Windows 10 and Bypassing Antivirus
June, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire
One of my Labs colleagues recently published an article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter. This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit’s Web Delivery module. I wanted to demonstrate an alternate way to achieve the same goal, without dropping any files on the host system while providing more options depending on what ports can egress the network.
The Threats That Are Your Weakest Link
June, 2018, Mike Weber, Vice President, Coalfire Labs
Coalfire published the latest report in its Securealities series, The Penetration Risk Report, and it’s based on findings from Coalfire penetration tests. It includes data drawn from engagements with businesses of all sizes, spanning financial services, retail, healthcare, and technology/cloud service providers. Some findings were contrary to current accepted wisdom on cybersecurity, while other findings confirmed long-held notions for others.
How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL
June, 2018, Darrell Damstedt, Senior Consultant, Coalfire Labs, Coalfire
I like to do bug bounties from time to time, mostly when I am sacrificing sleep once the kids are finally out cold. This seemed like a worthy experience to document. Let me just start by saying I don't plan on going into the whole recon bits too deeply here. Maybe I will someday if I ever have enough time to give the topic the justice it deserves.